=============================================================================
Virtual Domain Hosting Services provided by The FOURnet Information Network
mail webserv@FOUR.net or see http://www.four.net
=============================================================================
[8lgm]-Advisory-24.UNIX.CERT.Advisory.CA-95:11.20-9-1995
PROGRAM:
sendmail_wrapper.c
VULNERABLE VERSIONS:
SunOS 4.1.*
DESCRIPTION:
As a Solution to advisory:
[8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995
CERT advises the following.
B. Install the sendmail wrapper available from
ftp://ftp.cs.berkeley.edu/ucb/sendmail/sendmail_wrapper.c
ftp://ftp.auscert.org.au/pub/auscert/tools/sendmail_wrapper.c
Checksum:
MD5 (sendmail_wrapper.c) = fb53f92b6fc539766cd69e8b08909ba1
This wrapper uses syslog(3) to report potential attacks. However
this is performed in an insecure manner, and can be exploited as
described in:
[8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
IMPACT:
Local users can therefore obtain superuser privileges.
FIX:
In order to use syslog(3) in a secure manner, strings must be
limited in length. Therefore to fix the call to syslog(3) we
can do:
syslog( LOG_MAIL | LOG_ERR,
"Possible SunOS sendmail attack specifying '-%c %.500s' by uid %d\n",
argv[ i][ 1], cp, getuid());
STATUS UPDATE:
The file:
[8lgm]-Advisory-24.UNIX.CERT.Advisory.CA-95:11.20-9-1995.README
will be created on www.8lgm.org. This will contain updates on
any further versions which are found to be vulnerable, and any
other information received pertaining to this advisory.
-----------------------------------------------------------------------
FEEDBACK AND CONTACT INFORMATION:
majordomo@8lgm.org (Mailing list requests - try 'help'
for details)
8lgm@8lgm.org (Everything else)
8LGM FILESERVER:
All [8LGM] advisories may be obtained via the [8LGM] fileserver.
For details, 'echo help | mail 8lgm-fileserver@8lgm.org'
8LGM WWW SERVER:
[8LGM]'s web server can be reached at http://www.8lgm.org.
This contains details of all 8LGM advisories and other useful
information.
===========================================================================